Hi Sampathkumar, you can use git to get you a patch diff for this fix.
Just clone the repo and run the following command. #> git diff v5.7.1 V5-7-patches snmplib/snmp_api.c > fix-5.7.1.patch Then edit the file and delete everything execpt of changes inside the snmp_pdu_parse() function. Double check with the original fix and you are done. Hope that helps, Alex~ On Thu, Aug 27, 2015 at 12:25:41AM -0700, Sampathkumar Santhanakrishnan wrote: > Hello, > I am looking for net-snmp 5.7.1 based patch for CVE-2015-5621 > > "The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and > earlier does not remove the varBind variable in a > netsnmp_variable_list item when parsing of the SNMP PDU fails, which > allows remote attackers to cause a denial of service (crash) and > possibly execute arbitrary code via a crafted packet." > > Can someone help on this ? > > Thanks & Regards, > Sampajtj > > ------------------------------------------------------------------------------ > _______________________________________________ > Net-snmp-coders mailing list > Net-snmp-coders@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/net-snmp-coders > -- Alexander Bergmann <abergm...@suse.com>, Security Engineer, SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg)
signature.asc
Description: Digital signature
------------------------------------------------------------------------------
_______________________________________________ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders